baseline
Ansible baseline role for Ubuntu
A basic Ansible role to update and configure an Ubuntu server.
Note
Do not use this role without first testing in a non-operational environment.
Note
There is a SLSA artifact present under the slsa action workflow for verification.
Task list overview
- Install local facts
- Configure local facts and install Python dependencies
- Configure package manager
- Configure systemd timesyncd
- Configure needrestart, install and remove various packages
- Configure apport
- Configure motdnews
- Configure sudo
- Add issue message
Role Variables with defaults
./defaults/main/packages.yml
system_upgrade: true
packages_blocklist:
- apport*
- beep
- pastebinit
- popularity-contest
- prelink
- rpcbind
- rsh*
- talk*
- telnet*
- tftp*
- whoopsie
- xinetd
- yp-tools
- ypbind
packages_installation:
- debsums
- gnupg2
- haveged
- libpam-tmpdir
- lsb-release
- needrestart
- unattended-upgrades
system_upgrade: true
will run apt upgrade
.
packages_installation
is packages to be installed and
packages_blocklist
is packages to be removed.
./defaults/main/timesyncd.yml
---
manage_timesyncd: true
fallback_ntp:
- ntp.netnod.se
- ntp.ubuntu.com
ntp:
- 2.pool.ntp.org
- time.nist.gov
If enable_timesyncd: true
then configure systemd
timesyncd.
Contributing
Do you want to contribute? Great! Contributions are always welcome, no matter how large or small. If you found something odd, feel free to submit a issue, improve the code by creating a pull request, or by sponsoring this project.
License
Apache License Version 2.0
Author Information
Install
ansible-galaxy install konstruktoid/ansible-role-baseline
License
apache-2.0
Downloads
59
Owner